* cleanup: use a uniform verifier interface for provenance type
Signed-off-by: Asra Ali <asraa@google.com>
* fix experimental gateg
Signed-off-by: Asra Ali <asraa@google.com>
* oops
Signed-off-by: Asra Ali <asraa@google.com>
---------
Signed-off-by: Asra Ali <asraa@google.com>
* Use `Run` instead of `RunE` to handle usage/errors
We want to only display the usage message if there is an error in the
parsing of arguments. Once the arguments are parsed and we invoke the
internal implementation the usage message should not be displayed
anymore, regardless of what internal error gets returned. Fortunately,
the fix is easy.
Tested:
* passing scenario:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo fib
Verified signature against tlog entry index 9712459 at URL: ...
Verified build using builder ...
Verifying artifact fib: PASSED
PASSED: Verified SLSA provenance
```
* failing scenario with missing artifact file:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo fibs
Verifying artifact fibs: FAILED: open fibs: no such file or directory
FAILED: SLSA verification failed: open fibs: no such file or directory
```
* failing scenario with invalid artifact:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo multiple.intoto.jsonl
Verified signature against tlog entry index 9712459 at URL: ...
Verifying artifact multiple.intoto.jsonl: FAILED: expected hash ...
FAILED: SLSA verification failed: expected hash ...
```
* failing scenario due to invalid usage (missing required arguments):
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl
Usage:
slsa-verifier verify-artifact [flags] artifact [artifact..]
Flags:
--build-workflow-input map[] [optional] a workflow input provided by a user at trigger time in the format 'key=value'. (Only for 'workflow_dispatch' events on GitHub Actions). (default map[])
--builder-id string [optional] the unique builder ID who created the provenance
-h, --help help for verify-artifact
--print-provenance [optional] print the verified provenance to stdout
--provenance-path string path to a provenance file
--source-branch string [optional] expected branch the binary was compiled from
--source-tag string [optional] expected tag the binary was compiled from
--source-uri string expected source repository that should have produced the binary, e.g. github.com/some/repo
--source-versioned-tag string [optional] expected version the binary was compiled from. Uses semantic version to match the tag
required flag(s) "source-uri" not set
exit status 1
```
Fixes #307
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
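As an added illustration of the usage-versus-failure split described in the commit above (this is example code written for this page, not slsa-verifier's own implementation): argument-parsing problems are wrapped in a sentinel so the caller can print usage, while anything that fails after parsing, including a missing artifact file or a digest mismatch across several artifacts, is reported as a plain verification failure. `Provenance`, `VerifyAll`, `RunVerifyArtifact`, `ErrUsage` and the in-memory `files` map are assumptions of this example; the standard `flag` package stands in for cobra.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"flag"
	"fmt"
	"io"
)
// Provenance stands in for one in-toto statement (constructed, not real data):
// the builder that produced it and its subjects as artifact name -> hex sha256.
type Provenance struct {
	BuilderID string
	Subjects  map[string]string
}
// ErrUsage marks argument-parsing failures, the only case where usage is shown.
var ErrUsage = errors.New("invalid usage")
// VerifyAll checks every artifact named on the command line against the same
// provenance; files stands in for the filesystem. Returns the verified builder ID.
func VerifyAll(p Provenance, files map[string][]byte, names []string) (string, error) {
	for _, n := range names {
		content, ok := files[n]
		if !ok {
			return "", fmt.Errorf("verifying artifact %s: open %s: no such file or directory", n, n)
		}
		if got, want := fmt.Sprintf("%x", sha256.Sum256(content)), p.Subjects[n]; got != want {
			return "", fmt.Errorf("verifying artifact %s: expected hash %q, got %q", n, want, got)
		}
	}
	return p.BuilderID, nil
}

// RunVerifyArtifact mirrors the Run-versus-RunE split: only parse failures wrap
// ErrUsage; once parsing succeeds, errors are plain verification failures.
func RunVerifyArtifact(p Provenance, files map[string][]byte, argv []string) (string, error) {
	fs := flag.NewFlagSet("verify-artifact", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // printing usage is the caller's decision
	sourceURI := fs.String("source-uri", "", "expected source repository")
	if err := fs.Parse(argv); err != nil {
		return "", fmt.Errorf("%w: %v", ErrUsage, err)
	}
	if *sourceURI == "" || fs.NArg() == 0 {
		return "", fmt.Errorf("%w: --source-uri and at least one artifact are required", ErrUsage)
	}
	id, err := VerifyAll(p, files, fs.Args())
	if err != nil {
		return "", fmt.Errorf("SLSA verification failed: %w", err)
	}
	return id, nil
}
```

A `main` wrapping this would print the usage text only when `errors.Is(err, ErrUsage)` holds, and otherwise just the `FAILED:` line, which is the behaviour the commit describes.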
* Handle the same fix in image verification
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* go fmt
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Remove limit of number of artifacts to verify
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update short description
Mention that we support multiple artifacts as long as they come from the
same provenance.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Verify all artifacts passed in cmdline
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Remove header of verify step output
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Format the `cobra.Command.Use` argument
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Don't return a slice of builderIDs.
Since all images should come from the same provenance file, there's an
invariant that we will always get exactly one builderID. So, no need to
return a slice of them.
Just to preempt the case when the invariant would be broken, add a
specific check.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change existing tests to support multiple artifacts.
No new tests added, just changing table test data type.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* [nfc] Format test file
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change test to allow passing multiple artifacts.
For now, just allow passing the entire array of artifacts to command
line / arguments. The functionality should still be the same.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix typo
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix path to test artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Allow different provenance path
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Try 2 artifacts from existing testdata
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add more tests for multiple artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add failing test
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix artifact and error
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add final test: no artifact match
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update README.md
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
One part that is missing in the output if the invocation is wrong is that
there is no indication that the user has to pass a path to a file
(artifact/image).
The remaining potential errors from #173 are handled via #231.
Found while looking at #174.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>